authentication=Authentication Modules
UPerror=Both user ID and password are required.
classpathError=Class not found. Check the class path.
NoServer=Server cannot be contacted.
Naming=Naming error has occurred.
PasswordExp=Password expires in: {0}
GraceLogins=Your password has expired and you have {0} grace logins remaining.
TimeBeforeExpiration=Password expires in: {0}
PasswordReset=Password must be reset.
PasswdMismatch=The password and the confirm password do not match.
PasswordInvalid=Your password does not comply with present password policy.
NewPasswordInvalid=Your new password does not comply with present password policy.
UPsame=Username and password must be different. Try again.
inPwdQual=New password does not meet the password policy requirements.
pwdInHist=New password has been used previously.
pwdToShort=New password is too short.
pwdToYoung=Password has been changed recently, cannot change password.
PInvalid=The password you entered is invalid.
PasswdSame=The password must be different. Try again.
a101=Primary LDAP Server this list to set the primary LDAP server used for authentication. LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \
format:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and a LDAP server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
The local server name is the full name of the server from the list of servers and sites.
a102=Secondary LDAP Server this list to set the secondary (failover) LDAP server used for authentication. the primary LDAP server fails, the LDAP authentication module will failover to the secondary server. \
A single entry must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>\
Multiple entries allow associations between OpenAM servers and a LDAP server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a103=DN to Start User Search search for accounts to be authenticated start from this base DN a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
The format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a104=Bind User DN DN of an admin user used by the module to authentication to the LDAP server LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
a105=Bind User Password password of the administration account.
a106=Attribute Used to Retrieve User Profile LDAP module will use this attribute to search of the profile of an authenticated user. is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
find the user account. The value will be the name of the user used for authentication.
a107=Attributes Used to Search for a User to be Authenticated attributes specified in this list form the LDAP search filter. default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
values such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
a108=User Search Filter search filter will be appended to the standard user search filter. attribute can be used to append a custom search filter to the standard filter. For example: \
<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\
a109=Search Scope level in the Directory Server that will be searched for a matching user profile. attribute controls how the directory is searched.<br/><br/>\
<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
a110=LDAP Connection Mode which protocol/operation is used to establish the connection to the LDAP Directory Server. 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> \
If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> \
If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.
a111=Return User DN to DataStore whether the DN or the username is returned as the authentication principal.
## Note level should have the highest
## number for i18N key since it should
## be the last attribute when viewed in
## the adminconsole
a500=Authentication Level authentication level associated with this module. authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a114=User Creation Attributes the mapping of local attribute to external attribute for dynamic profile creation. dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
the users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
a115=Minimum Password Length when the user is resetting their password as part of the authentication. the user needs to reset their password as part of the authentication process, the authentication module can enforce \
a minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \
server password policy is enforcing password length, set this value to 0 to avoid confusion.
a116=LDAP Behera Password Policy Support support for modern LDAP password policies Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \
only the older Netscape VCHU password policy standard will be enforced.
a117=Trust All Server Certificates a <code>X509TrustManager</code> that trusts all certificates. feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \
certificates (such as invalid hostname).<br/><br/>\
<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process
a118=LDAP Connection Heartbeat Interval how often should OpenAM send a heartbeat request to the directory. setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured \
directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval \
period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. \
Zero or negative value will result in disabling heartbeat requests.
a119=LDAP Connection Heartbeat Time Unit the time unit corresponding to the Heartbeat Interval setting. setting controls how often OpenAM <b>should</b> send a heartbeat search request to the \
configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the \
interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact \
a120=LDAP operations timeout the timeout in seconds OpenAM should wait for a response of the Directory Server - <code>0</code> means no timeout. the Directory Server's host is down completely or the TCP connection became stale OpenAM waits until operation \
timeouts from the OS or the JVM are applied. However this setting allows more granular control within OpenAM itself. \
A value of <code>0</code> means NO timeout is applied on OpenAM level and the timeouts from the JVM or OS will apply.
PasswdMinChars=New password contains fewer than minimum number of characters.
AcctInactive=Account is locked or not activated. Unlock or activate the account to continue.
#ExceedRetryLimit=Exceed password retry limit. Please try later.
ExceedRetryLimit=Authentication failed.
noUserMatchFound=User not found.
multipleUserMatchFound=Multiple matches found for this user. Contact your system administrator to fix the problem.
Nosecserver=No secondary server provided.
HostInvalid=Invalid host name.
HostUnknown=Unknown host {0}.
SchBaseInvalid=Invalid search base.
PwdInvalid=Invalid user password.
FConnect=Connection failed.
CredInvalid=Invalid credentials.
UsrNotExist=User does not exist :
UNAttr=User naming attribute is null.
USchAttr=User search attribute must have at least one value.